Search criteria
33 vulnerabilities found for cdh by cloudera
FKIE_CVE-2019-7319
Vulnerability from fkie_nvd - Published: 2019-11-26 16:15 - Updated: 2024-11-21 04:48
Severity ?
Summary
An issue was discovered in Cloudera Hue 6.0.0 through 6.1.0. When using one of the following authentication backends: LdapBackend, PamBackend, SpnegoDjangoBackend, RemoteUserDjangoBackend, SAML2Backend, OpenIDBackend, or OAuthBackend, external users are created with superuser privileges.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cloudera:cdh:6.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1FCBA882-82E1-42BD-BE11-703560452A89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cloudera:cdh:6.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9BF59504-AD91-494C-A9A6-FD53E9F5714B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cloudera:cdh:6.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6BE4C218-905A-4091-A10C-70E9D7B53DA1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Cloudera Hue 6.0.0 through 6.1.0. When using one of following authentication backends: LdapBackend, PamBackend, SpnegoDjangoBackend, RemoteUserDjangoBackend, SAML2Backend, OpenIDBackend, or OAuthBackend, external users are created with superuser privileges."
},
{
"lang": "es",
"value": "Se detect\u00f3 un problema en Cloudera Hue versiones 6.0.0 hasta 6.1.0. Cuando se usa uno de los siguientes backends de autenticaci\u00f3n: LdapBackend, PamBackend, SpnegoDjangoBackend, RemoteUserDjangoBackend, SAML2Backend, OpenIDBackend u OAuthBackend, los usuarios externos son creados con privilegios de superusuario."
}
],
"id": "CVE-2019-7319",
"lastModified": "2024-11-21T04:48:00.303",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.5,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-11-26T16:15:14.057",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#concept_o2p_hjm_33b"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#hue"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#concept_o2p_hjm_33b"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#hue"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-269"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2018-17860
Vulnerability from fkie_nvd - Published: 2019-11-26 15:15 - Updated: 2024-11-21 03:55
Severity ?
Summary
Cloudera CDH has Insecure Permissions because ALL cannot be revoked. This affects 5.x through 5.15.1 and 6.x through 6.0.1.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cloudera:cdh:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DBE90091-93CF-4CD1-9BF6-1785D5FE7114",
"versionEndIncluding": "5.14.0",
"versionStartIncluding": "5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cloudera:cdh:5.15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3470CD2C-993B-4EBE-B789-D72291F6BA15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cloudera:cdh:5.15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "57FD7A6A-91E1-40F0-930E-7EA0EBE2D989",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cloudera:cdh:6.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1FCBA882-82E1-42BD-BE11-703560452A89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cloudera:cdh:6.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9BF59504-AD91-494C-A9A6-FD53E9F5714B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cloudera CDH has Insecure Permissions because ALL cannot be revoked.This affects 5.x through 5.15.1 and 6.x through 6.0.1."
},
{
"lang": "es",
"value": "Cloudera CDH posee Permisos No Seguros porque TODOS no se pueden revocar, lo que afecta a versiones 5.x hasta 5.15.1 y versiones 6.x hasta 6.0.1."
}
],
"id": "CVE-2018-17860",
"lastModified": "2024-11-21T03:55:04.547",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-11-26T15:15:11.800",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#concept_vp4_q2x_thb"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#hadoop"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#concept_vp4_q2x_thb"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#hadoop"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-276"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2016-5724
Vulnerability from fkie_nvd - Published: 2019-11-26 14:15 - Updated: 2024-11-21 02:54
Severity ?
Summary
Cloudera CDH before 5.9 has Potentially Sensitive Information in Diagnostic Support Bundles.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cloudera:cdh:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8FE66A81-E123-42DE-AFCF-6E7ABB94D9E6",
"versionEndExcluding": "5.9.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cloudera CDH before 5.9 has Potentially Sensitive Information in Diagnostic Support Bundles."
},
{
"lang": "es",
"value": "Cloudera CDH versiones anteriores a 5.9, presenta Informaci\u00f3n Potencialmente Confidencial en Paquetes de Soporte de Diagn\u00f3stico."
}
],
"id": "CVE-2016-5724",
"lastModified": "2024-11-21T02:54:53.623",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-11-26T14:15:11.267",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#tsb-166"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#tsb-166"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2016-6353
Vulnerability from fkie_nvd - Published: 2019-11-26 14:15 - Updated: 2024-11-21 02:55
Severity ?
Summary
Cloudera Search in CDH before 5.7.0 allows unauthorized document access because Solr Queries by document id can bypass Sentry document-level security via the RealTimeGetHandler.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cloudera:cdh:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E6EBFB12-280E-45E4-A52D-110A61D7BE5F",
"versionEndExcluding": "5.7.0",
"versionStartIncluding": "5.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cloudera Search in CDH before 5.7.0 allows unauthorized document access because Solr Queries by document id can bypass Sentry document-level security via the RealTimeGetHandler."
},
{
"lang": "es",
"value": "Cloudera Search en CDH versiones anteriores a 5.7.0, permite el acceso no autorizado a documentos porque las Consultas Solr por identificaci\u00f3n de documento pueden omitir la seguridad a nivel de documento Sentry por medio de la funci\u00f3n RealTimeGetHandler."
}
],
"id": "CVE-2016-6353",
"lastModified": "2024-11-21T02:55:57.717",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-11-26T14:15:11.330",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#tsb_165"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#tsb_165"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-863"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2015-7831
Vulnerability from fkie_nvd - Published: 2019-11-26 14:15 - Updated: 2024-11-21 02:37
Severity ?
Summary
In Cloudera Hue, there is privilege escalation by a read-only user when CDH 5.x before 5.4.9 is used.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cloudera:cdh:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EB274FE2-6052-4E84-BE19-38307E81CACC",
"versionEndExcluding": "5.4.9",
"versionStartIncluding": "5.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Cloudera Hue, there is privilege escalation by a read-only user when CDH 5.x brefore 5.4.9 is used."
},
{
"lang": "es",
"value": "En Cloudera Hue, un usuario de solo lectura puede escalar privilegios cuando se utiliza CDH versiones 5.x anteriores a 5.4.9."
}
],
"id": "CVE-2015-7831",
"lastModified": "2024-11-21T02:37:29.313",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-11-26T14:15:11.017",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#concept_gd2_r25_2v"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#concept_gd2_r25_2v"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-269"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2016-3131
Vulnerability from fkie_nvd - Published: 2019-11-26 14:15 - Updated: 2024-11-21 02:49
Severity ?
Summary
Cloudera CDH before 5.6.1 allows authorization bypass via direct internal API calls.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cloudera:cdh:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5C0635C6-0AA7-48A9-B50B-1F76A443A850",
"versionEndExcluding": "5.3.10",
"versionStartIncluding": "5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cloudera:cdh:*:*:*:*:*:*:*:*",
"matchCriteriaId": "12661B00-D39A-437C-9F9D-6439F231F676",
"versionEndExcluding": "5.4.10",
"versionStartIncluding": "5.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cloudera:cdh:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2F464E81-6C00-4195-AC5D-29E8F7E24D85",
"versionEndExcluding": "5.5.4",
"versionStartIncluding": "5.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cloudera:cdh:5.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F0821458-EDDC-457C-9211-E3B5A34EFDBE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cloudera CDH before 5.6.1 allows authorization bypass via direct internal API calls."
},
{
"lang": "es",
"value": "Cloudera CDH versiones anteriores a 5.6.1, permite la omisi\u00f3n de autorizaci\u00f3n por medio de llamadas de la API internas y directas."
}
],
"id": "CVE-2016-3131",
"lastModified": "2024-11-21T02:49:26.397",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-11-26T14:15:11.080",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#tsb_120"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#tsb_120"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-863"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2016-4572
Vulnerability from fkie_nvd - Published: 2019-11-26 14:15 - Updated: 2024-11-21 02:52
Severity ?
Summary
In Cloudera CDH before 5.7.1, Impala REVOKE ALL ON SERVER commands do not revoke all privileges.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cloudera:cdh:5.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7DBD38CA-E5E3-450C-B5CF-5ACDF99924CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cloudera:cdh:5.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9F6F68F4-538B-4080-847A-300C168FC258",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cloudera:cdh:5.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3C2E3282-8F74-43C7-8C2B-984B58F86D5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cloudera:cdh:5.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DC306BB1-E01C-43E1-ACE1-759A703D5D57",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cloudera:cdh:5.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "858B8A48-5835-49E5-9CA8-EAEAAA6597DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cloudera:cdh:5.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F0821458-EDDC-457C-9211-E3B5A34EFDBE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cloudera:cdh:5.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B445F1D2-CB34-4BC8-B870-D7CF065EC36D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cloudera:cdh:5.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7922C91D-F7C9-48ED-BDAE-8C88DEB3EA8B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Cloudera CDH before 5.7.1, Impala REVOKE ALL ON SERVER commands do not revoke all privileges."
},
{
"lang": "es",
"value": "En Cloudera CDH versiones anteriores a 5.7.1, los comandos Impala REVOKE ALL ON SERVER no revocan todos los privilegios."
}
],
"id": "CVE-2016-4572",
"lastModified": "2024-11-21T02:52:31.257",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-11-26T14:15:11.203",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#id_nd4_xkr_1cb"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#id_nd4_xkr_1cb"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-863"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2017-9325
Vulnerability from fkie_nvd - Published: 2019-07-03 17:15 - Updated: 2024-11-21 03:35
Severity ?
Summary
The provided secure solrconfig.xml sample configuration does not enforce Sentry authorization on /update/json/docs.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cloudera:cdh:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1F9C307E-88BC-4A70-80C0-77B876A0D9CD",
"versionEndIncluding": "5.8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cloudera:cdh:*:*:*:*:*:*:*:*",
"matchCriteriaId": "55010C94-40AB-464B-B19C-E7D35CAC1862",
"versionEndIncluding": "5.9.2",
"versionStartIncluding": "5.8.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cloudera:cdh:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5CEA2DB4-19CD-4B5B-A07B-6EBE7101E362",
"versionEndIncluding": "5.10.1",
"versionStartIncluding": "5.10.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cloudera:cdh:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6B87564F-1DBF-418A-BBAA-E850089CDA03",
"versionEndIncluding": "5.11.1",
"versionStartIncluding": "5.11.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The provided secure solrconfig.xml sample configuration does not enforce Sentry authorization on /update/json/docs."
},
{
"lang": "es",
"value": "La configuraci\u00f3n de ejemplo de solrconfig.xml segura provista no impone la autorizaci\u00f3n de Sentry en / update / json / docs."
}
],
"id": "CVE-2017-9325",
"lastModified": "2024-11-21T03:35:49.967",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.4,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-07-03T17:15:09.610",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-285"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2016-6605
Vulnerability from fkie_nvd - Published: 2017-04-10 14:59 - Updated: 2025-04-20 01:37
Severity ?
Summary
Impala in CDH 5.2.0 through 5.7.2 and 5.8.0 allows remote attackers to bypass Sentry authorization.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cloudera | cdh | 5.2.0 | |
| cloudera | cdh | 5.2.1 | |
| cloudera | cdh | 5.2.2 | |
| cloudera | cdh | 5.2.3 | |
| cloudera | cdh | 5.2.4 | |
| cloudera | cdh | 5.2.5 | |
| cloudera | cdh | 5.2.6 | |
| cloudera | cdh | 5.3.0 | |
| cloudera | cdh | 5.3.1 | |
| cloudera | cdh | 5.3.2 | |
| cloudera | cdh | 5.3.3 | |
| cloudera | cdh | 5.3.4 | |
| cloudera | cdh | 5.3.5 | |
| cloudera | cdh | 5.3.6 | |
| cloudera | cdh | 5.3.7 | |
| cloudera | cdh | 5.3.8 | |
| cloudera | cdh | 5.3.9 | |
| cloudera | cdh | 5.3.10 | |
| cloudera | cdh | 5.4.0 | |
| cloudera | cdh | 5.4.1 | |
| cloudera | cdh | 5.4.2 | |
| cloudera | cdh | 5.4.3 | |
| cloudera | cdh | 5.4.4 | |
| cloudera | cdh | 5.4.5 | |
| cloudera | cdh | 5.4.6 | |
| cloudera | cdh | 5.4.7 | |
| cloudera | cdh | 5.4.8 | |
| cloudera | cdh | 5.4.9 | |
| cloudera | cdh | 5.4.10 | |
| cloudera | cdh | 5.4.11 | |
| cloudera | cdh | 5.5.0 | |
| cloudera | cdh | 5.5.1 | |
| cloudera | cdh | 5.5.2 | |
| cloudera | cdh | 5.5.3 | |
| cloudera | cdh | 5.5.4 | |
| cloudera | cdh | 5.5.5 | |
| cloudera | cdh | 5.5.6 | |
| cloudera | cdh | 5.6.0 | |
| cloudera | cdh | 5.6.1 | |
| cloudera | cdh | 5.7.0 | |
| cloudera | cdh | 5.7.1 | |
| cloudera | cdh | 5.7.2 | |
| cloudera | cdh | 5.8.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cloudera:cdh:5.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4D6CC1BD-4A89-4E35-9960-663C3680AB66",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cloudera:cdh:5.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DBF2BFFA-9C9D-40C8-A5E1-F7D7F72044B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cloudera:cdh:5.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F9ACDD34-8043-4F94-8BE2-FC836575338C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cloudera:cdh:5.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "13E6EA6D-5473-41AE-81F1-9996AD458BF8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cloudera:cdh:5.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "BEAC2D81-4B44-49BE-883A-5477320AE8DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cloudera:cdh:5.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "6034866D-A896-4AFE-9EDF-E021CA1C4CFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cloudera:cdh:5.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "814B29A3-5EF3-4225-A2D3-F1714484FB7B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cloudera:cdh:5.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "613FF93C-3186-48E4-B549-66FDF52B361B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cloudera:cdh:5.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1B7F056A-1186-43ED-B748-D8ECFDF4311F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cloudera:cdh:5.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "471102DD-5589-4A46-A733-27127B292D4B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cloudera:cdh:5.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "72E0B0E1-4A7B-4364-BE3E-426C66E16CB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cloudera:cdh:5.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "7EAB1666-E7EF-4652-9972-94FB1ACB3FF2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cloudera:cdh:5.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "83792524-F31C-48A8-9C0A-27806F58E974",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cloudera:cdh:5.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "92A1893E-108B-451C-8663-756A420DA54C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cloudera:cdh:5.3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "E5FFBA45-DD76-49AB-B6E9-E7247E72E9F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cloudera:cdh:5.3.8:*:*:*:*:*:*:*",
"matchCriteriaId": "FE6261D0-B6AA-455C-8C72-2839649B2509",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cloudera:cdh:5.3.9:*:*:*:*:*:*:*",
"matchCriteriaId": "510E937F-9CB0-4E07-B928-26492AE107A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cloudera:cdh:5.3.10:*:*:*:*:*:*:*",
"matchCriteriaId": "F28AFA4C-AD43-47D2-99E6-E1C8A94908AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cloudera:cdh:5.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6D673E85-1456-4100-AC62-84EB2AD69481",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cloudera:cdh:5.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CAB77F6D-801E-4C1A-BFBE-0FB9AE7AEA3C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cloudera:cdh:5.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "18BBCD80-7158-4B3B-941E-A94A567688A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cloudera:cdh:5.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "98341E9C-2B10-4460-80B3-0287ED89BCF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cloudera:cdh:5.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "FD5D5EAD-4869-41D0-9144-A50222D1447E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cloudera:cdh:5.4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "6EB6DC29-9762-4AF8-B521-BC6F60D3294D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cloudera:cdh:5.4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "4A05A540-C651-4651-B553-9FC6C621604E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cloudera:cdh:5.4.7:*:*:*:*:*:*:*",
"matchCriteriaId": "C9D7D3A6-B0EB-45CA-8EB5-60E2938A6BC9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cloudera:cdh:5.4.8:*:*:*:*:*:*:*",
"matchCriteriaId": "57726EB2-58C2-4407-879D-47404D4F7253",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cloudera:cdh:5.4.9:*:*:*:*:*:*:*",
"matchCriteriaId": "8E23D25C-EAC3-450A-81DF-B2889A6BE73E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cloudera:cdh:5.4.10:*:*:*:*:*:*:*",
"matchCriteriaId": "76E9BDD1-0485-418E-8A75-2846D448451B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cloudera:cdh:5.4.11:*:*:*:*:*:*:*",
"matchCriteriaId": "95F81F00-56F5-4C17-ABDB-E1670A48F7D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cloudera:cdh:5.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7DBD38CA-E5E3-450C-B5CF-5ACDF99924CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cloudera:cdh:5.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9F6F68F4-538B-4080-847A-300C168FC258",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cloudera:cdh:5.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3C2E3282-8F74-43C7-8C2B-984B58F86D5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cloudera:cdh:5.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DC306BB1-E01C-43E1-ACE1-759A703D5D57",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cloudera:cdh:5.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "858B8A48-5835-49E5-9CA8-EAEAAA6597DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cloudera:cdh:5.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "F27CA3DE-DA96-41A7-931C-3DEEEBE8D833",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cloudera:cdh:5.5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "FB7B6FED-5A57-403C-83E4-8D9780EA1B63",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cloudera:cdh:5.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F0821458-EDDC-457C-9211-E3B5A34EFDBE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cloudera:cdh:5.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B445F1D2-CB34-4BC8-B870-D7CF065EC36D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cloudera:cdh:5.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7922C91D-F7C9-48ED-BDAE-8C88DEB3EA8B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cloudera:cdh:5.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2304AA62-575C-4144-840C-0BFD98F89A97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cloudera:cdh:5.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4CF9E5E9-F8A3-434D-A185-C38258B5D2C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cloudera:cdh:5.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FF78A4BF-BC24-4DE0-8961-A9BB6564CA7B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Impala in CDH 5.2.0 through 5.7.2 and 5.8.0 allows remote attackers to bypass Sentry authorization."
},
{
"lang": "es",
"value": "Impala en CDH desde 5.2.0 hasta la versi\u00f3n 5.7.2 y 5.8.0 permite a atacantes remotos eludir la autorizaci\u00f3n de Sentry."
}
],
"id": "CVE-2016-6605",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-04-10T14:59:00.247",
"references": [
{
"source": "cve@mitre.org",
"url": "https://www.cloudera.com/documentation/other/security-bulletins/topics/csb_all_product_issues.html#tsb_174"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.cloudera.com/documentation/other/security-bulletins/topics/csb_all_product_issues.html#tsb_174"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-284"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2014-0229
Vulnerability from fkie_nvd - Published: 2017-03-23 20:59 - Updated: 2025-04-20 01:37
Summary
Apache Hadoop 0.23.x before 0.23.11 and 2.x before 2.4.1, as used in Cloudera CDH 5.0.x before 5.0.2, do not check authorization for the (1) refreshNamenodes, (2) deleteBlockPool, and (3) shutdownDatanode HDFS admin commands, which allows remote authenticated users to cause a denial of service (DataNodes shutdown) or perform unnecessary operations by issuing a command.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cloudera | cdh | 5.0.0 | |
| cloudera | cdh | 5.0.0 | |
| cloudera | cdh | 5.0.0 | |
| apache | hadoop | 0.23.0 | |
| apache | hadoop | 0.23.1 | |
| apache | hadoop | 0.23.3 | |
| apache | hadoop | 0.23.4 | |
| apache | hadoop | 0.23.5 | |
| apache | hadoop | 0.23.6 | |
| apache | hadoop | 0.23.7 | |
| apache | hadoop | 0.23.8 | |
| apache | hadoop | 0.23.9 | |
| apache | hadoop | 0.23.10 | |
| apache | hadoop | 2.0.0 | |
| apache | hadoop | 2.0.1 | |
| apache | hadoop | 2.0.2 | |
| apache | hadoop | 2.0.3 | |
| apache | hadoop | 2.0.4 | |
| apache | hadoop | 2.0.5 | |
| apache | hadoop | 2.0.6 | |
| apache | hadoop | 2.1.0 | |
| apache | hadoop | 2.1.1 | |
| apache | hadoop | 2.2.0 | |
| apache | hadoop | 2.3.0 | |
| apache | hadoop | 2.4.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cloudera:cdh:5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BEFFAE88-DD05-4431-A011-385D48033BE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cloudera:cdh:5.0.0:beta:*:*:*:*:*:*",
"matchCriteriaId": "B0293F82-7BA9-4608-96B7-CCED9A98313C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cloudera:cdh:5.0.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "BF18527D-BF9B-4495-AF89-F976322E3A69",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:hadoop:0.23.0:*:*:*:*:*:*:*",
"matchCriteriaId": "029481B4-F0BC-4C44-B5DB-4AE66AE92334",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:hadoop:0.23.1:*:*:*:*:*:*:*",
"matchCriteriaId": "501DBE03-139A-46E9-BFD5-B7D8245AD2C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:hadoop:0.23.3:*:*:*:*:*:*:*",
"matchCriteriaId": "AD95328D-ED9A-4889-96E7-C7B3041745FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:hadoop:0.23.4:*:*:*:*:*:*:*",
"matchCriteriaId": "65899B21-D364-4E6D-8E82-1D408BA4E2A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:hadoop:0.23.5:*:*:*:*:*:*:*",
"matchCriteriaId": "5512B2DD-5136-4215-899C-FB48AFA8A2CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:hadoop:0.23.6:*:*:*:*:*:*:*",
"matchCriteriaId": "68A3493C-3D69-46A9-920A-8BB44B090609",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:hadoop:0.23.7:*:*:*:*:*:*:*",
"matchCriteriaId": "74588026-F427-4E31-89FA-FFCE5B2EC108",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:hadoop:0.23.8:*:*:*:*:*:*:*",
"matchCriteriaId": "1FD4F0BA-614B-47A9-B916-DD1400FCE532",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:hadoop:0.23.9:*:*:*:*:*:*:*",
"matchCriteriaId": "3D8C1670-EFEF-409B-B985-5815B6791B24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:hadoop:0.23.10:*:*:*:*:*:*:*",
"matchCriteriaId": "EF986316-0FB8-4AF9-B372-4FC53C957D8D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:hadoop:2.0.0:alpha:*:*:*:*:*:*",
"matchCriteriaId": "227941BD-D769-45AD-9D61-7FCA3C2264FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:hadoop:2.0.1:alpha:*:*:*:*:*:*",
"matchCriteriaId": "18BF490A-0865-47C0-A143-0991B40BD259",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:hadoop:2.0.2:alpha:*:*:*:*:*:*",
"matchCriteriaId": "E091799F-203D-4C52-839E-E798770C0287",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:hadoop:2.0.3:alpha:*:*:*:*:*:*",
"matchCriteriaId": "80E53689-C56C-4104-B510-CB4116B898CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:hadoop:2.0.4:alpha:*:*:*:*:*:*",
"matchCriteriaId": "591921C3-F7EA-402E-9C36-2EADF0417C72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:hadoop:2.0.5:alpha:*:*:*:*:*:*",
"matchCriteriaId": "9FA774A9-81B3-4303-B254-C802B4DC8004",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:hadoop:2.0.6:alpha:*:*:*:*:*:*",
"matchCriteriaId": "877CAAE8-5E57-4D0D-A8EB-8CA696D0CE3F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:hadoop:2.1.0:beta:*:*:*:*:*:*",
"matchCriteriaId": "25DB127F-4293-4847-A8C4-C7F6B74762EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:hadoop:2.1.1:beta:*:*:*:*:*:*",
"matchCriteriaId": "E8AE3E25-0726-4039-A3A8-B53F7CF0E638",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:hadoop:2.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DC9B08F2-CF75-4875-BDE1-D5D9CC7BF7E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:hadoop:2.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "11B47B33-C54B-47F7-8AB7-90A589EED6F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:hadoop:2.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "377E3DCD-CEB7-400B-BD78-A4C1EE98E4E5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Apache Hadoop 0.23.x before 0.23.11 and 2.x before 2.4.1, as used in Cloudera CDH 5.0.x before 5.0.2, do not check authorization for the (1) refreshNamenodes, (2) deleteBlockPool, and (3) shutdownDatanode HDFS admin commands, which allows remote authenticated users to cause a denial of service (DataNodes shutdown) or perform unnecessary operations by issuing a command."
},
{
"lang": "es",
"value": "Apache Hadoop 0.23.x en versiones anteriores a 0.23.11 y 2.x en versiones anteriores a 2.4.1, como se utiliza en Cloudera CDH 5.0.x en versiones anteriores a 5.0.2, no verifica la autorizaci\u00f3n para los comandos de administraci\u00f3n HDFS (1) refreshNamenodes, (2) deleteBlockPool y (3) ShutdownDatanode, lo que permite a usuarios remotos autenticados provocar una denegaci\u00f3n de servicio (cierre de DataNodes) o realizar operaciones innecesarias emitiendo un comando."
}
],
"id": "CVE-2014-0229",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-03-23T20:59:00.203",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.cloudera.com/documentation/other/security-bulletins/topics/csb_topic_1.html#concept_i1q_xvk_2r"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.cloudera.com/documentation/other/security-bulletins/topics/csb_topic_1.html#concept_i1q_xvk_2r"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2013-6446
Vulnerability from fkie_nvd - Published: 2017-03-23 20:59 - Updated: 2025-04-20 01:37
Summary
The JobHistory Server in Cloudera CDH 4.x before 4.6.0 and 5.x before 5.0.0 Beta 2, when using MRv2/YARN with HTTP authentication, allows remote authenticated users to obtain sensitive job information by leveraging failure to enforce job ACLs.
References
| Source | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | http://www.securityfocus.com/bid/97068 | Third Party Advisory, VDB Entry | |
| secalert@redhat.com | https://www.cloudera.com/documentation/other/security-bulletins/topics/csb_topic_1.html#concept_mfb_qpm_4n | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/97068 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.cloudera.com/documentation/other/security-bulletins/topics/csb_topic_1.html#concept_mfb_qpm_4n | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cloudera | cdh | 4.0.0 | |
| cloudera | cdh | 4.0.1 | |
| cloudera | cdh | 4.1.0 | |
| cloudera | cdh | 4.1.1 | |
| cloudera | cdh | 4.1.2 | |
| cloudera | cdh | 4.1.3 | |
| cloudera | cdh | 4.1.4 | |
| cloudera | cdh | 4.1.5 | |
| cloudera | cdh | 4.2.0 | |
| cloudera | cdh | 4.2.1 | |
| cloudera | cdh | 4.2.2 | |
| cloudera | cdh | 4.3.0 | |
| cloudera | cdh | 4.3.1 | |
| cloudera | cdh | 4.3.2 | |
| cloudera | cdh | 4.4.0 | |
| cloudera | cdh | 4.5.0 | |
| cloudera | cdh | 5.0.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cloudera:cdh:4.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "30715E47-3508-4413-9AF0-F7A5494BD3DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cloudera:cdh:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "12AFC1A8-B5C1-4704-9208-66A7C58AFF66",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cloudera:cdh:4.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9D6CA009-5032-4FE5-8BE6-D00C7DFEB162",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cloudera:cdh:4.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4C243346-5F50-4C18-9DAE-A5828BA7DC3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cloudera:cdh:4.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D790D3B1-14A3-48D7-BA84-596D00F0793F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cloudera:cdh:4.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A10C11CC-2C96-4CF0-BC66-7C5A9425A20A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cloudera:cdh:4.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "E6718CB4-3D73-4E4F-B54C-EBF944D73352",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cloudera:cdh:4.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "BE609BC8-D73F-4032-AA71-E5F64910A2B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cloudera:cdh:4.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "935C3F63-BF05-4D0C-8C0A-55A8E5AFF8E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cloudera:cdh:4.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D5A293DE-E885-4BCA-9807-AFEFFE33AC41",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cloudera:cdh:4.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "AA74529E-7E6B-410C-96E0-6437C7D674C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cloudera:cdh:4.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9C9EFF66-7D5E-4E2B-AA8C-B75E4EACF6CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cloudera:cdh:4.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F33CA6D5-3BE7-4385-B67D-D983DFD0CBC5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cloudera:cdh:4.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "031729AF-F9E6-479D-90FE-FA7C1E33104F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cloudera:cdh:4.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D9F8B080-BF55-4B31-B122-6F3C64C75ADD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cloudera:cdh:4.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DCAA7878-70CE-470C-8889-CB13A71FC2ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cloudera:cdh:5.0.0:beta:*:*:*:*:*:*",
"matchCriteriaId": "B0293F82-7BA9-4608-96B7-CCED9A98313C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The JobHistory Server in Cloudera CDH 4.x before 4.6.0 and 5.x before 5.0.0 Beta 2, when using MRv2/YARN with HTTP authentication, allows remote authenticated users to obtain sensitive job information by leveraging failure to enforce job ACLs."
},
{
"lang": "es",
"value": "El JobHistory Server en Cloudera CDH 4.x en versiones anteriores a 4.6.0 y 5.x en versiones anteriores a 5.0.0 Beta 2, cuando se utiliza MRv2/YARN con autenticaci\u00f3n HTTP, permite a usuarios remotos autenticados obtener informaci\u00f3n de trabajo sensible aprovechando el fallo para aplicar ACLs de trabajo."
}
],
"id": "CVE-2013-6446",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 1.6,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-03-23T20:59:00.173",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/97068"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.cloudera.com/documentation/other/security-bulletins/topics/csb_topic_1.html#concept_mfb_qpm_4n"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/97068"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.cloudera.com/documentation/other/security-bulletins/topics/csb_topic_1.html#concept_mfb_qpm_4n"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2019-7319 (GCVE-0-2019-7319)
Vulnerability from cvelistv5 – Published: 2019-11-26 15:22 – Updated: 2024-08-04 20:46
Summary
An issue was discovered in Cloudera Hue 6.0.0 through 6.1.0. When using one of the following authentication backends: LdapBackend, PamBackend, SpnegoDjangoBackend, RemoteUserDjangoBackend, SAML2Backend, OpenIDBackend, or OAuthBackend, external users are created with superuser privileges.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:46:46.094Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#hue"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#concept_o2p_hjm_33b"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Cloudera Hue 6.0.0 through 6.1.0. When using one of the following authentication backends: LdapBackend, PamBackend, SpnegoDjangoBackend, RemoteUserDjangoBackend, SAML2Backend, OpenIDBackend, or OAuthBackend, external users are created with superuser privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-26T15:22:11",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#hue"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#concept_o2p_hjm_33b"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-7319",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Cloudera Hue 6.0.0 through 6.1.0. When using one of the following authentication backends: LdapBackend, PamBackend, SpnegoDjangoBackend, RemoteUserDjangoBackend, SAML2Backend, OpenIDBackend, or OAuthBackend, external users are created with superuser privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#hue",
"refsource": "CONFIRM",
"url": "https://www.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#hue"
},
{
"name": "https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#concept_o2p_hjm_33b",
"refsource": "CONFIRM",
"url": "https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#concept_o2p_hjm_33b"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-7319",
"datePublished": "2019-11-26T15:22:11",
"dateReserved": "2019-02-04T00:00:00",
"dateUpdated": "2024-08-04T20:46:46.094Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-17860 (GCVE-0-2018-17860)
Vulnerability from cvelistv5 – Published: 2019-11-26 14:11 – Updated: 2024-08-05 10:54
Summary
Cloudera CDH has Insecure Permissions because ALL cannot be revoked. This affects 5.x through 5.15.1 and 6.x through 6.0.1.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T10:54:10.985Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#hadoop"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#concept_vp4_q2x_thb"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cloudera CDH has Insecure Permissions because ALL cannot be revoked. This affects 5.x through 5.15.1 and 6.x through 6.0.1."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-26T14:11:35",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#hadoop"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#concept_vp4_q2x_thb"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-17860",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cloudera CDH has Insecure Permissions because ALL cannot be revoked. This affects 5.x through 5.15.1 and 6.x through 6.0.1."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#hadoop",
"refsource": "CONFIRM",
"url": "https://www.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#hadoop"
},
{
"name": "https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#concept_vp4_q2x_thb",
"refsource": "CONFIRM",
"url": "https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#concept_vp4_q2x_thb"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-17860",
"datePublished": "2019-11-26T14:11:35",
"dateReserved": "2018-10-01T00:00:00",
"dateUpdated": "2024-08-05T10:54:10.985Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-7831 (GCVE-0-2015-7831)
Vulnerability from cvelistv5 – Published: 2019-11-26 13:58 – Updated: 2024-08-06 07:58
Summary
In Cloudera Hue, there is privilege escalation by a read-only user when CDH 5.x before 5.4.9 is used.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T07:58:59.923Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#concept_gd2_r25_2v"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Cloudera Hue, there is privilege escalation by a read-only user when CDH 5.x before 5.4.9 is used."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-26T13:58:47",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#concept_gd2_r25_2v"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-7831",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Cloudera Hue, there is privilege escalation by a read-only user when CDH 5.x before 5.4.9 is used."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#concept_gd2_r25_2v",
"refsource": "MISC",
"url": "https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#concept_gd2_r25_2v"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-7831",
"datePublished": "2019-11-26T13:58:47",
"dateReserved": "2015-10-14T00:00:00",
"dateUpdated": "2024-08-06T07:58:59.923Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-3131 (GCVE-0-2016-3131)
Vulnerability from cvelistv5 – Published: 2019-11-26 13:57 – Updated: 2024-08-05 23:47
Summary
Cloudera CDH before 5.6.1 allows authorization bypass via direct internal API calls.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:47:57.273Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#tsb_120"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cloudera CDH before 5.6.1 allows authorization bypass via direct internal API calls."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-26T13:57:45",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#tsb_120"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-3131",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cloudera CDH before 5.6.1 allows authorization bypass via direct internal API calls."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#tsb_120",
"refsource": "MISC",
"url": "https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#tsb_120"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-3131",
"datePublished": "2019-11-26T13:57:45",
"dateReserved": "2016-03-13T00:00:00",
"dateUpdated": "2024-08-05T23:47:57.273Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-4572 (GCVE-0-2016-4572)
Vulnerability from cvelistv5 – Published: 2019-11-26 13:51 – Updated: 2024-08-06 00:32
Summary
In Cloudera CDH before 5.7.1, Impala REVOKE ALL ON SERVER commands do not revoke all privileges.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T00:32:25.778Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#id_nd4_xkr_1cb"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Cloudera CDH before 5.7.1, Impala REVOKE ALL ON SERVER commands do not revoke all privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-26T13:51:20",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#id_nd4_xkr_1cb"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-4572",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Cloudera CDH before 5.7.1, Impala REVOKE ALL ON SERVER commands do not revoke all privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#id_nd4_xkr_1cb",
"refsource": "MISC",
"url": "https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#id_nd4_xkr_1cb"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-4572",
"datePublished": "2019-11-26T13:51:20",
"dateReserved": "2016-05-09T00:00:00",
"dateUpdated": "2024-08-06T00:32:25.778Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-5724 (GCVE-0-2016-5724)
Vulnerability from cvelistv5 – Published: 2019-11-26 13:49 – Updated: 2024-08-06 01:08
Summary
Cloudera CDH before 5.9 has Potentially Sensitive Information in Diagnostic Support Bundles.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags |
|---|---|
| https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#tsb-166 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:08:00.559Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#tsb-166"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cloudera CDH before 5.9 has Potentially Sensitive Information in Diagnostic Support Bundles."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-26T13:49:57",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#tsb-166"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-5724",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cloudera CDH before 5.9 has Potentially Sensitive Information in Diagnostic Support Bundles."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#tsb-166",
"refsource": "MISC",
"url": "https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#tsb-166"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-5724",
"datePublished": "2019-11-26T13:49:57",
"dateReserved": "2016-06-17T00:00:00",
"dateUpdated": "2024-08-06T01:08:00.559Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-6353 (GCVE-0-2016-6353)
Vulnerability from cvelistv5 – Published: 2019-11-26 13:48 – Updated: 2024-08-06 01:29
Summary
Cloudera Search in CDH before 5.7.0 allows unauthorized document access because Solr Queries by document id can bypass Sentry document-level security via the RealTimeGetHandler.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags |
|---|---|
| https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#tsb_165 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:29:19.477Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#tsb_165"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cloudera Search in CDH before 5.7.0 allows unauthorized document access because Solr Queries by document id can bypass Sentry document-level security via the RealTimeGetHandler."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-26T13:48:22",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#tsb_165"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-6353",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cloudera Search in CDH before 5.7.0 allows unauthorized document access because Solr Queries by document id can bypass Sentry document-level security via the RealTimeGetHandler."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#tsb_165",
"refsource": "MISC",
"url": "https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#tsb_165"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-6353",
"datePublished": "2019-11-26T13:48:22",
"dateReserved": "2016-07-26T00:00:00",
"dateUpdated": "2024-08-06T01:29:19.477Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-9325 (GCVE-0-2017-9325)
Vulnerability from cvelistv5 – Published: 2019-07-03 16:23 – Updated: 2024-08-05 17:02
Summary
The provided secure solrconfig.xml sample configuration does not enforce Sentry authorization on /update/json/docs.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags |
|---|---|
| https://www.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:02:44.349Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The provided secure solrconfig.xml sample configuration does not enforce Sentry authorization on /update/json/docs."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-07-03T16:23:05",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-9325",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The provided secure solrconfig.xml sample configuration does not enforce Sentry authorization on /update/json/docs."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html",
"refsource": "CONFIRM",
"url": "https://www.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-9325",
"datePublished": "2019-07-03T16:23:05",
"dateReserved": "2017-05-31T00:00:00",
"dateUpdated": "2024-08-05T17:02:44.349Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-6605 (GCVE-0-2016-6605)
Vulnerability from cvelistv5 – Published: 2017-04-10 14:00 – Updated: 2024-08-06 01:36
Summary
Impala in CDH 5.2.0 through 5.7.2 and 5.8.0 allows remote attackers to bypass Sentry authorization.
Severity ?
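No CVSS data available. The record's structured `affected` entry also gives `n/a` for vendor, product and version, so the affected version range is stated only in the summary text; matching that relies on this record's structured product fields alone will miss it.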
CWE
- n/a
Assigner
References
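| URL | Tags |
|---|---|
| https://www.cloudera.com/documentation/other/security-bulletins/topics/csb_all_product_issues.html#tsb_174 | x_refsource_CONFIRM |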
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:36:28.626Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.cloudera.com/documentation/other/security-bulletins/topics/csb_all_product_issues.html#tsb_174"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-09-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Impala in CDH 5.2.0 through 5.7.2 and 5.8.0 allows remote attackers to bypass Setry authorization."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-04-10T13:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.cloudera.com/documentation/other/security-bulletins/topics/csb_all_product_issues.html#tsb_174"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-6605",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Impala in CDH 5.2.0 through 5.7.2 and 5.8.0 allows remote attackers to bypass Setry authorization."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cloudera.com/documentation/other/security-bulletins/topics/csb_all_product_issues.html#tsb_174",
"refsource": "CONFIRM",
"url": "https://www.cloudera.com/documentation/other/security-bulletins/topics/csb_all_product_issues.html#tsb_174"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-6605",
"datePublished": "2017-04-10T14:00:00",
"dateReserved": "2016-08-05T00:00:00",
"dateUpdated": "2024-08-06T01:36:28.626Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-0229 (GCVE-0-2014-0229)
Vulnerability from cvelistv5 – Published: 2017-03-23 20:00 – Updated: 2024-08-06 09:05
Summary
Apache Hadoop 0.23.x before 0.23.11 and 2.x before 2.4.1, as used in Cloudera CDH 5.0.x before 5.0.2, do not check authorization for the (1) refreshNamenodes, (2) deleteBlockPool, and (3) shutdownDatanode HDFS admin commands, which allows remote authenticated users to cause a denial of service (DataNodes shutdown) or perform unnecessary operations by issuing a command.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
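| URL | Tags |
|---|---|
| https://www.cloudera.com/documentation/other/security-bulletins/topics/csb_topic_1.html#concept_i1q_xvk_2r | x_refsource_CONFIRM |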
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:05:39.339Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.cloudera.com/documentation/other/security-bulletins/topics/csb_topic_1.html#concept_i1q_xvk_2r"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-04-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Apache Hadoop 0.23.x before 0.23.11 and 2.x before 2.4.1, as used in Cloudera CDH 5.0.x before 5.0.2, do not check authorization for the (1) refreshNamenodes, (2) deleteBlockPool, and (3) shutdownDatanode HDFS admin commands, which allows remote authenticated users to cause a denial of service (DataNodes shutdown) or perform unnecessary operations by issuing a command."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-03-23T19:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.cloudera.com/documentation/other/security-bulletins/topics/csb_topic_1.html#concept_i1q_xvk_2r"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-0229",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Apache Hadoop 0.23.x before 0.23.11 and 2.x before 2.4.1, as used in Cloudera CDH 5.0.x before 5.0.2, do not check authorization for the (1) refreshNamenodes, (2) deleteBlockPool, and (3) shutdownDatanode HDFS admin commands, which allows remote authenticated users to cause a denial of service (DataNodes shutdown) or perform unnecessary operations by issuing a command."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cloudera.com/documentation/other/security-bulletins/topics/csb_topic_1.html#concept_i1q_xvk_2r",
"refsource": "CONFIRM",
"url": "https://www.cloudera.com/documentation/other/security-bulletins/topics/csb_topic_1.html#concept_i1q_xvk_2r"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2014-0229",
"datePublished": "2017-03-23T20:00:00",
"dateReserved": "2013-12-03T00:00:00",
"dateUpdated": "2024-08-06T09:05:39.339Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-7319 (GCVE-0-2019-7319)
Vulnerability from nvd – Published: 2019-11-26 15:22 – Updated: 2024-08-04 20:46
Summary
An issue was discovered in Cloudera Hue 6.0.0 through 6.1.0. When using one of the following authentication backends: LdapBackend, PamBackend, SpnegoDjangoBackend, RemoteUserDjangoBackend, SAML2Backend, OpenIDBackend, or OAuthBackend, external users are created with superuser privileges.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
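| URL | Tags |
|---|---|
| https://www.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#hue | x_refsource_CONFIRM |
| https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#concept_o2p_hjm_33b | x_refsource_CONFIRM |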
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:46:46.094Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#hue"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#concept_o2p_hjm_33b"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Cloudera Hue 6.0.0 through 6.1.0. When using one of following authentication backends: LdapBackend, PamBackend, SpnegoDjangoBackend, RemoteUserDjangoBackend, SAML2Backend, OpenIDBackend, or OAuthBackend, external users are created with superuser privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-26T15:22:11",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#hue"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#concept_o2p_hjm_33b"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-7319",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Cloudera Hue 6.0.0 through 6.1.0. When using one of following authentication backends: LdapBackend, PamBackend, SpnegoDjangoBackend, RemoteUserDjangoBackend, SAML2Backend, OpenIDBackend, or OAuthBackend, external users are created with superuser privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#hue",
"refsource": "CONFIRM",
"url": "https://www.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#hue"
},
{
"name": "https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#concept_o2p_hjm_33b",
"refsource": "CONFIRM",
"url": "https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#concept_o2p_hjm_33b"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-7319",
"datePublished": "2019-11-26T15:22:11",
"dateReserved": "2019-02-04T00:00:00",
"dateUpdated": "2024-08-04T20:46:46.094Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-17860 (GCVE-0-2018-17860)
Vulnerability from nvd – Published: 2019-11-26 14:11 – Updated: 2024-08-05 10:54
Summary
Cloudera CDH has Insecure Permissions because ALL cannot be revoked. This affects 5.x through 5.15.1 and 6.x through 6.0.1.
Severity ?
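No CVSS data available. The record's structured `affected` entry also gives `n/a` for vendor, product and version, so the affected version range is stated only in the summary text; matching that relies on this record's structured product fields alone will miss it.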
CWE
- n/a
Assigner
References
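| URL | Tags |
|---|---|
| https://www.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#hadoop | x_refsource_CONFIRM |
| https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#concept_vp4_q2x_thb | x_refsource_CONFIRM |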
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T10:54:10.985Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#hadoop"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#concept_vp4_q2x_thb"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cloudera CDH has Insecure Permissions because ALL cannot be revoked.This affects 5.x through 5.15.1 and 6.x through 6.0.1."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-26T14:11:35",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#hadoop"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#concept_vp4_q2x_thb"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-17860",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cloudera CDH has Insecure Permissions because ALL cannot be revoked.This affects 5.x through 5.15.1 and 6.x through 6.0.1."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#hadoop",
"refsource": "CONFIRM",
"url": "https://www.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#hadoop"
},
{
"name": "https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#concept_vp4_q2x_thb",
"refsource": "CONFIRM",
"url": "https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#concept_vp4_q2x_thb"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-17860",
"datePublished": "2019-11-26T14:11:35",
"dateReserved": "2018-10-01T00:00:00",
"dateUpdated": "2024-08-05T10:54:10.985Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-7831 (GCVE-0-2015-7831)
Vulnerability from nvd – Published: 2019-11-26 13:58 – Updated: 2024-08-06 07:58
Summary
In Cloudera Hue, there is privilege escalation by a read-only user when CDH 5.x before 5.4.9 is used.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
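| URL | Tags |
|---|---|
| https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#concept_gd2_r25_2v | x_refsource_MISC |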
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T07:58:59.923Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#concept_gd2_r25_2v"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Cloudera Hue, there is privilege escalation by a read-only user when CDH 5.x brefore 5.4.9 is used."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-26T13:58:47",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#concept_gd2_r25_2v"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-7831",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Cloudera Hue, there is privilege escalation by a read-only user when CDH 5.x brefore 5.4.9 is used."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#concept_gd2_r25_2v",
"refsource": "MISC",
"url": "https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#concept_gd2_r25_2v"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-7831",
"datePublished": "2019-11-26T13:58:47",
"dateReserved": "2015-10-14T00:00:00",
"dateUpdated": "2024-08-06T07:58:59.923Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-3131 (GCVE-0-2016-3131)
Vulnerability from nvd – Published: 2019-11-26 13:57 – Updated: 2024-08-05 23:47
Summary
Cloudera CDH before 5.6.1 allows authorization bypass via direct internal API calls.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags |
|---|---|
| https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#tsb_120 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:47:57.273Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#tsb_120"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cloudera CDH before 5.6.1 allows authorization bypass via direct internal API calls."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-26T13:57:45",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#tsb_120"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-3131",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cloudera CDH before 5.6.1 allows authorization bypass via direct internal API calls."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#tsb_120",
"refsource": "MISC",
"url": "https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#tsb_120"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-3131",
"datePublished": "2019-11-26T13:57:45",
"dateReserved": "2016-03-13T00:00:00",
"dateUpdated": "2024-08-05T23:47:57.273Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-4572 (GCVE-0-2016-4572)
Vulnerability from nvd – Published: 2019-11-26 13:51 – Updated: 2024-08-06 00:32
Summary
In Cloudera CDH before 5.7.1, Impala REVOKE ALL ON SERVER commands do not revoke all privileges.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
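| URL | Tags |
|---|---|
| https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#id_nd4_xkr_1cb | x_refsource_MISC |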
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T00:32:25.778Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#id_nd4_xkr_1cb"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Cloudera CDH before 5.7.1, Impala REVOKE ALL ON SERVER commands do not revoke all privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-26T13:51:20",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#id_nd4_xkr_1cb"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-4572",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Cloudera CDH before 5.7.1, Impala REVOKE ALL ON SERVER commands do not revoke all privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#id_nd4_xkr_1cb",
"refsource": "MISC",
"url": "https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#id_nd4_xkr_1cb"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-4572",
"datePublished": "2019-11-26T13:51:20",
"dateReserved": "2016-05-09T00:00:00",
"dateUpdated": "2024-08-06T00:32:25.778Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-5724 (GCVE-0-2016-5724)
Vulnerability from nvd – Published: 2019-11-26 13:49 – Updated: 2024-08-06 01:08
Summary
Cloudera CDH before 5.9 has Potentially Sensitive Information in Diagnostic Support Bundles.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags |
|---|---|
| https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#tsb-166 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:08:00.559Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#tsb-166"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cloudera CDH before 5.9 has Potentially Sensitive Information in Diagnostic Support Bundles."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-26T13:49:57",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#tsb-166"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-5724",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cloudera CDH before 5.9 has Potentially Sensitive Information in Diagnostic Support Bundles."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#tsb-166",
"refsource": "MISC",
"url": "https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#tsb-166"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-5724",
"datePublished": "2019-11-26T13:49:57",
"dateReserved": "2016-06-17T00:00:00",
"dateUpdated": "2024-08-06T01:08:00.559Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-6353 (GCVE-0-2016-6353)
Vulnerability from nvd – Published: 2019-11-26 13:48 – Updated: 2024-08-06 01:29
Summary
Cloudera Search in CDH before 5.7.0 allows unauthorized document access because Solr Queries by document id can bypass Sentry document-level security via the RealTimeGetHandler.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:29:19.477Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#tsb_165"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cloudera Search in CDH before 5.7.0 allows unauthorized document access because Solr Queries by document id can bypass Sentry document-level security via the RealTimeGetHandler."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-26T13:48:22",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#tsb_165"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-6353",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cloudera Search in CDH before 5.7.0 allows unauthorized document access because Solr Queries by document id can bypass Sentry document-level security via the RealTimeGetHandler."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#tsb_165",
"refsource": "MISC",
"url": "https://docs.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html#tsb_165"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-6353",
"datePublished": "2019-11-26T13:48:22",
"dateReserved": "2016-07-26T00:00:00",
"dateUpdated": "2024-08-06T01:29:19.477Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-9325 (GCVE-0-2017-9325)
Vulnerability from nvd – Published: 2019-07-03 16:23 – Updated: 2024-08-05 17:02
Summary
The provided secure solrconfig.xml sample configuration does not enforce Sentry authorization on /update/json/docs.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:02:44.349Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The provided secure solrconfig.xml sample configuration does not enforce Sentry authorization on /update/json/docs."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-07-03T16:23:05",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-9325",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The provided secure solrconfig.xml sample configuration does not enforce Sentry authorization on /update/json/docs."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html",
"refsource": "CONFIRM",
"url": "https://www.cloudera.com/documentation/other/security-bulletins/topics/Security-Bulletin.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-9325",
"datePublished": "2019-07-03T16:23:05",
"dateReserved": "2017-05-31T00:00:00",
"dateUpdated": "2024-08-05T17:02:44.349Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-6605 (GCVE-0-2016-6605)
Vulnerability from nvd – Published: 2017-04-10 14:00 – Updated: 2024-08-06 01:36
Summary
Impala in CDH 5.2.0 through 5.7.2 and 5.8.0 allows remote attackers to bypass Sentry authorization.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:36:28.626Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.cloudera.com/documentation/other/security-bulletins/topics/csb_all_product_issues.html#tsb_174"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-09-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Impala in CDH 5.2.0 through 5.7.2 and 5.8.0 allows remote attackers to bypass Setry authorization."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-04-10T13:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.cloudera.com/documentation/other/security-bulletins/topics/csb_all_product_issues.html#tsb_174"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-6605",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Impala in CDH 5.2.0 through 5.7.2 and 5.8.0 allows remote attackers to bypass Setry authorization."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cloudera.com/documentation/other/security-bulletins/topics/csb_all_product_issues.html#tsb_174",
"refsource": "CONFIRM",
"url": "https://www.cloudera.com/documentation/other/security-bulletins/topics/csb_all_product_issues.html#tsb_174"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-6605",
"datePublished": "2017-04-10T14:00:00",
"dateReserved": "2016-08-05T00:00:00",
"dateUpdated": "2024-08-06T01:36:28.626Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}